The 2,000-Hour Problem: Why Traditional Due Diligence Can’t Scale to CSDDD

The Corporate Sustainability Due Diligence Directive comes into force in July 2029 for the first wave of companies. By then, every in-scope business must be able to demonstrate that it has taken “appropriate measures” to identify, assess, prevent, and mitigate human rights and environmental risks across its chain of activities.

The question nobody in compliance wants to say out loud is: how?

What CSDDD due diligence actually looks like today

Walk into any ESG team at a European industrial company and ask them how they assess a supplier site for environmental and human rights risk. The process looks something like this:

A questionnaire goes out. It asks the supplier to self-report on emissions, waste management, labour practices, safety records, and environmental permits. The supplier fills it out — or doesn’t. Response rates hover around 40–60% for first-tier suppliers, dropping to single digits beyond Tier 1.

For the suppliers that do respond, an analyst cross-references the answers against available databases: news monitoring for recent incidents, regulatory filings if accessible, third-party ratings from providers like EcoVadis or Dun & Bradstreet. They might check whether the facility is in a high-risk country for forced labour or deforestation.

For a subset of critical suppliers — perhaps 10–15% of the portfolio — the company commissions an on-site audit. An auditor visits the facility for one to three days, inspects conditions, and produces a report. That report reflects a snapshot of a single moment in time. Conditions change the day after the auditor leaves.

The full cycle for one supplier — from questionnaire to completed risk assessment — takes an experienced analyst 8 to 12 hours. For a company with 200 suppliers in scope, that’s 1,600 to 2,400 hours of analyst time. Per year. And the CSDDD expects ongoing monitoring, not a one-time exercise.

“For companies with 2,000 suppliers — not unusual for a major automotive OEM or chemical company — the maths is simply impossible with traditional methods.”

Where the time actually goes

The bottleneck isn’t the risk assessment itself. It’s the data collection.

Roughly 70% of the time an analyst spends on a supplier assessment goes to gathering information, not analysing it. Chasing questionnaire responses, waiting for replies, searching for public records, checking whether a facility’s emissions disclosures are current, reconciling data from multiple sources that don’t agree with each other.

The remaining 30% — the actual risk evaluation — is where the analyst adds value. But by the time they get there, the data they’re working with is often months old, self-reported by the entity being assessed, and incomplete.

This isn’t a criticism of ESG teams. They’re doing careful work under impossible constraints. The problem is structural: the entire process depends on the supplier’s willingness and ability to provide accurate, timely information about itself.

What satellite intelligence changes

Satellite data inverts the model. Instead of asking the supplier what’s happening at their facility and waiting weeks for an answer, you observe it directly.

Every supplier facility on earth is overflown by multiple satellite constellations daily. Those passes capture atmospheric chemistry, thermal behaviour, ground stability, vegetation health, water quality, operational patterns, and deforestation — continuously, updated every time a satellite passes overhead.

None of this requires a questionnaire. None of it depends on self-reported data. And none of it is a snapshot — it’s continuous.

“The data collection step — the 70% bottleneck — is eliminated entirely. The analyst receives an independent, timestamped assessment with indicator-level detail, ready to review, challenge, and act on.”

The efficiency comparison

Here’s what the numbers look like in practice:

For a portfolio of 200 supplier sites, the traditional approach requires approximately 2,000 analyst hours per year for the initial assessment cycle. Add 500–800 hours for ongoing monitoring, follow-ups on flagged issues, and annual reassessments. Total: roughly 2,500–2,800 hours, or 1.5 full-time analysts dedicated exclusively to supplier due diligence.

With continuous satellite monitoring, the initial assessment for all 200 sites is generated automatically. The analyst’s role shifts from data collection to data review — examining flagged anomalies, investigating threshold crossings, and directing on-site inspections to the facilities that actually need them. Based on our analysis, this reduces the total effort to approximately 400–600 hours per year — an 80% reduction in analyst time.

But the efficiency gain isn’t the most important number. The accuracy gain is.

Why independent data is more accurate

A questionnaire measures what a supplier says about itself. Satellite intelligence measures what is physically happening. These are different things.

In the cases we have studied — including forensic retrospective analyses of the Brumadinho dam collapse and industrial incidents at coal-fired power plants — the satellite-derived risk signals were present months before the incident occurred. In every case, the facility’s own monitoring systems and self-reported data showed normal operations. The gap between what was reported and what was observed is not an edge case. It is the norm for facilities operating under stress.

This doesn’t mean satellite data is infallible. It has real limitations: it cannot see inside a building, it cannot interview workers, and it cannot diagnose the specific mechanical cause of an equipment failure. What it can do is identify facilities whose operational signature departs from their own historical baseline — the kind of pattern that triggers the on-site inspection where specific problems get found.

“Satellite intelligence handles the broad, continuous screening of the full portfolio. Human analysts focus their attention — and the company’s limited inspection budget — on the facilities where the data says something has changed.”

What this means for CSDDD compliance

The directive requires “appropriate measures.” As satellite monitoring technology becomes more accessible and more capable, the standard for what constitutes an appropriate measure rises. A company that relies exclusively on annual questionnaires when continuous independent monitoring is available will find that increasingly difficult to defend — to regulators, to investors, and in civil proceedings.

The Commission’s forthcoming guidance on digital tools and technologies for CSDDD compliance, expected by July 2027, will likely address this directly. Companies that adopt continuous monitoring now will be ahead of the guidance, not scrambling to catch up with it.

“The 2,000-hour problem has a solution. It’s not hiring more analysts. It’s giving the analysts you have better data.”

RondoTrace provides continuous satellite intelligence for supply chain ESG risk monitoring, covering atmospheric emissions, thermal behaviour, infrastructure stability, vegetation health, deforestation, water quality, and operational patterns across any supplier portfolio. To learn how the platform integrates with your existing compliance workflows, contact us at adarsh@rondotrace.com.